Open
Bug Report: allowWrite patterns don't work for nested directories on macOS
Environment
- srt version: 1.0.0
- OS: macOS 15.2 (Darwin 25.1.0)
- Shell: zsh
- Node: v22.20.0
Config (~/.srt-settings.json)
{
  "filesystem": {
    "denyRead": [],
    "allowWrite": ["/tmp", "/tmp/*", "/tmp/**", "/private/tmp", "/private/tmp/*", "/private/tmp/**"],
    "denyWrite": []
  },
  "network": {
    "allowedDomains": ["github.com", "api.github.com"],
    "deniedDomains": []
  }
}
Command
srt "git clone --depth 1 --template= https://github.com/anthropic-experimental/sandbox-runtime /tmp/sandbox-test-repo"
Expected behavior
Git should clone the repository to /tmp/sandbox-test-repo since /tmp/** and /private/tmp/** are in the allowWrite list.
Actual behavior
Cloning into '/tmp/sandbox-test-repo'...
error: could not write config file /private/tmp/sandbox-test-repo/.git/config: Operation not permitted
fatal: could not set 'core.repositoryformatversion' to '0'
Additional context
- /tmp is a symlink to /private/tmp on macOS
- Simple writes work: srt "touch /tmp/test && echo ok" → works ✅
- Nested directory creation works: srt "mkdir -p /tmp/a/b/c && echo ok" → works ✅
- But git writing to .git/config inside a subdirectory fails
Minimal reproduction
# Install
npm install -g @anthropic-ai/sandbox-runtime
# Create config
cat > ~/.srt-settings.json << 'CONF'
{
  "filesystem": {
    "denyRead": [],
    "allowWrite": ["/tmp", "/tmp/**", "/private/tmp", "/private/tmp/**"],
    "denyWrite": []
  },
  "network": {
    "allowedDomains": ["github.com"],
    "deniedDomains": []
  }
}
CONF
# Run
srt "git clone --depth 1 https://github.com/anthropic-experimental/sandbox-runtime /tmp/test-repo"
Reported by: Maciek & Claude (Opus 4.5)